ID

VAR-202512-2581


CVE

CVE-2025-15258


TITLE

Open redirect vulnerability in EDIMAX Technology BR-6208AC firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-024519

DESCRIPTION

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. The affected function is formALGSetup in the file /goform/formALGSetup of the Web-based Configuration Interface component. Manipulating the argument wlan-url causes an open redirect. The attack can be carried out remotely. The exploit has been made available to the public and could be used. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer. Edimax BR-6208AC 1.02/1.03 The vulnerability was discovered in . We recommend upgrading to a newer, more secure model. Some of the information handled by the software may be leaked to the outside. Also, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability may affect other software.

Trust: 1.62

sources: NVD: CVE-2025-15258 // JVNDB: JVNDB-2025-024519

AFFECTED PRODUCTS

vendor: edimax | model: br-6208ac | scope: eq | version: 1.02

Trust: 1.0

vendor: edimax | model: br-6208ac | scope: eq | version: 1.03

Trust: 1.0

vendor: edimax | model: br-6208ac | scope: eq | version: br-6208ac firmware 1.02

Trust: 0.8

vendor: edimax | model: br-6208ac | scope: - | version: -

Trust: 0.8

vendor: edimax | model: br-6208ac | scope: eq | version: -

Trust: 0.8

vendor: edimax | model: br-6208ac | scope: eq | version: br-6208ac firmware 1.03

Trust: 0.8

sources: JVNDB: JVNDB-2025-024519 // NVD: CVE-2025-15258

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-15258
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-15258
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-024519
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2025-15258
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-024519
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-15258
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-15258
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-024519
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-024519 // NVD: CVE-2025-15258 // NVD: CVE-2025-15258

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.0

problemtype:Open redirect (CWE-601) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-024519 // NVD: CVE-2025-15258

PATCH

title: Submit #722446 | url: https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Open-Redirect-Vulnerability-in-Web-formALGSetup-handler-2d3b5c52018a80188e9ae30d3cc8c3d1?source=copy_link

Trust: 0.8

sources: JVNDB: JVNDB-2025-024519

EXTERNAL IDS

db: NVD | id: CVE-2025-15258

Trust: 2.6

db: VULDB | id: 338648

Trust: 1.0

db: JVNDB | id: JVNDB-2025-024519

Trust: 0.8

sources: JVNDB: JVNDB-2025-024519 // NVD: CVE-2025-15258

REFERENCES

url:https://tzh00203.notion.site/edimax-br-6208ac-v2_1-02-open-redirect-vulnerability-in-web-formalgsetup-handler-2d3b5c52018a80188e9ae30d3cc8c3d1?source=copy_link

Trust: 1.0

url:https://vuldb.com/?ctiid.338648

Trust: 1.0

url:https://vuldb.com/?id.338648

Trust: 1.0

url:https://vuldb.com/?submit.722446

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-15258

Trust: 0.8

sources: JVNDB: JVNDB-2025-024519 // NVD: CVE-2025-15258

SOURCES

db: JVNDB | id: JVNDB-2025-024519
db: NVD | id: CVE-2025-15258

LAST UPDATE DATE

2026-01-16T23:07:22.792000+00:00


SOURCES UPDATE DATE

db: JVNDB | id: JVNDB-2025-024519 | date: 2026-01-13T09:45:00
db: NVD | id: CVE-2025-15258 | date: 2026-01-09T19:54:46.793

SOURCES RELEASE DATE

db: JVNDB | id: JVNDB-2025-024519 | date: 2026-01-13T00:00:00
db: NVD | id: CVE-2025-15258 | date: 2025-12-30T18:15:45.910